Browsing Security Basics Part 5 - Erasing Your Private Data

Part 1-Your Private Data	Part 4a-Web Browser Cookies
Part 2-Web Browsing History	Part 4b-Managing Cookies
Part 3-Web Browser Cache	Part 5-Erasing Your Private Data

If you use more than one type of Web browser, you have to clear your private data from each of those Web browsers after use. Some Web browsers will let you delete many types of data from one window.

If you're using Firefox 3, the following steps will lead you to the Clear Private Data dialog window:

1) Click "Tools" in the main menu.
2) Click "Clear Private Data" on the drop-down menu to open a new dialog window.

Under IE7, you can open the Delete Browsing History dialog window like so:

1) Click "Tools" in the main menu.
2) Click "Delete Browsing History"
*) Note that the dialog uses "Temporary Internet Files" instead of "Cache".

With Opera 9, there is a Delete Private Data dialog window that is opened using the following:

1) Click "Tools" in the main menu.
2) Click "Delete Private Data".
3) Click "Detailed Options" to show you what you can choose to delete.

These dialogs will have more than just history, cache and cookies. Feel free to check the help files for your Web browser and find out what else needs to be deleted. You can use this information as a basis for learning other Web browser tricks and tips.

Browsing Security Basics Part 4b - Managing Cookies

Part 1-Your Private Data	Part 4a-Web Browser Cookies
Part 2-Web Browsing History	Part 4b-Managing Cookies
Part 3-Web Browser Cache	Part 5-Erasing Your Private Data

Some Web browsers let you view and delete specific cookies you don't want. Please see the Web support site for your Web browser to find out how to view and delete cookies. For Firefox 3:

1) Click "Edit" in the main menu.
2) Click "Preferences" in the pop-up menu.
3) Click the "Privacy" tab.
4) Around the middle of the right side, click "Show Cookies".

With Opera 9, you can use two methods to manage your cookies. The main one is:

1) Click "Tools" in the main menu.
2) Click "Preferences" in the pop-up menu.
3) Click the "Advanced" tab.
4) Click "Cookies" in the left panel.
5) Click the "Manage Cookies" button near the bottom of the window.

Internet Explorer 6 and 7 has a cookie manager that works differently. It lets you access its cookie manager by using the following route:

1) Click "Tools" in the main menu.
2) Click "Internet Options" in the pop-up menu.
3) Click the "Privacy" tab in the new Internet Options dialog window.
4) In the middle of the dialog, click the "Advanced" button to open the "Advanced Privacy Settings" dialog window.

In the Advanced Privacy Settings dialog window, you can leave the "Override automatic cooking handling" box unchecked to allow all cookies. If you place a checkmark in this box, you can block the following types of cookies:

First-party Cookies - These are used by the same site as the Web page you're viewing ("Accept" is considered to be safe)
Third-party Cookies - These can be read by any site ("Block" is considered to be smart)

A page at Surf The Net Safely gives additional details on managing cookies in IE6 and IE7.

Some Web browser extensions or add-ons will allow easier access to the cookie manager. Some Web browsers automatically block or accept cookies from specific sites based on your preferences.

Browsing Security Basics Part 4a - Web Browser Cookies

Part 1-Your Private Data	Part 4a-Web Browser Cookies
Part 2-Web Browsing History	Part 4b-Managing Cookies
Part 3-Web Browser Cache	Part 5-Erasing Your Private Data

Web browser cookies have become commonplace and unavoidable in common Web browsing tasks.

In the most basic sense, the term "cookie", when applied to computers, refers to a piece of information that is stored by one system, and used solely by another. These are also known as "magic cookies", and are useless to the system that stores them. They are only read and changed by "the other system".

As each "magic cookie" is intended to be stored as a separate file, Web browsers will usually store them in separate files as well. Security scanning programs (virus or ad scanners) can be used to find and delete cookies more easily this way. These files can also be opened in a text editor.

Cookies are useful for keeping track of user preferences and sessions. Unless you have an account at a Web site, the site has no reliable way of keeping track of you other than by using cookies. If you do have an account on the Web site, this information can be stored on the Web site instead of your computer. Web sites may try to keep their tracking systems simple by only using cookies, though.

There are plenty of other things that cookies can be used for. They can be used to keep track of certain Web sites you visit, or to keep a list of items in your 'Shopping Cart' on a Web site. If you instruct a site to change your display or language options, most likely a cookie will be stored on your computer with this information.

Most concerns stem from a Web site's ability to track a user's activites on the Internet. Please find a more detailed explanation of cookies at Webopedia's "What You Need To Know About Cookies" page.

Browsing Security Basics Part 3 - Web Browser Cache

Part 1-Your Private Data	Part 4a-Web Browser Cookies
Part 2-Web Browsing History	Part 4b-Managing Cookies
Part 3-Web Browser Cache	Part 5-Erasing Your Private Data

Computers use caches to store temporary information. Someone who's moving into a new house may first distribute the large items (furniture, appliances) to their respective rooms. Then they may use the living area to cache all of the boxes and small items before or while distributing them to the other parts of the house.

A Web browser keeps items in its cache for later retrieval. When your Web browser loads a web page from the Internet, it will store graphics and other Web files to your hard drive. This helps speed up your Web browsing experience, because instead of downloading the files again (which takes more time), it can refer to the copies on your hard drive (which takes less time).

One problem with caching involves scripts that are loaded outside of the Web page (similar to Cross Site Scripting, or XSS). Such a script can tell the Web browser to never reload it again.

If that script has a unique ID number inside to identify your computer from anyone else's computer, the script can send it to the Web site along with your browsing history and other stuff. All of this information is associated on the Web site with the ID number on your computer. More information about Web browser cache security is available at this Darknet UK Web page.

Another problem with caching is anyone at your keyboard can view the Web browser cache with any number of tools. If other people access your computer, they may be able to access your logins and other private things.

It's recommended you allow your Web browser to completely clear the cache when it exits. Most Web browsers have this feature.

Browsing Security Basics Part 2 - Web Browsing History

Part 1-Your Private Data	Part 4a-Web Browser Cookies
Part 2-Web Browsing History	Part 4b-Managing Cookies
Part 3-Web Browser Cache	Part 5-Erasing Your Private Data

When your Web browser loads a web page from the Internet, it stores the address (URL) and the title of that page. The Web browsing history is made up of the list of pages you have visited.

Scripting is used to let a Web page give internal information about the Web browser to a Web site. Javascript is a popular scripting language for accessing Web browser internal information. Javascript can also submit requests to other Web sites without the general user knowing anything was sent.

Once a Web page has sent your Web browser's history to a Web site, the Web site can see if you've been to a competitor of that site, or target advertising to the nature of your Web browsing history.

Some Web browsers allow you to disable scripting, which can limit what a Web page can do but does not offer complete security. In fact, this page cleverly shows a method to avoid scripting while still reading the Web browsing history.

If you want to brush away those bread crumbs showing which Web sites you've been to, erase your Web browser's history. Web browsers should give you an option to clear your browsing history. This will erase all of the files contained within your Web browsing history.

Browser Security Basics Part 1 - Your Private Data

Part 1-Your Private Data	Part 4a-Web Browser Cookies
Part 2-Web Browsing History	Part 4b-Managing Cookies
Part 3-Web Browser Cache	Part 5-Erasing Your Private Data

Your Web browser keeps track of a lot of stuff. Most of the common Web browsers, like Firefox, Internet Explorer, and Opera, may store one or more of the following things called "private data":

• - Browser history - records of which sites you've visited
• - Browser cache - graphics and other Web page objects
• - Browser cookies - information stored by Web sites
  

Web browsers will store this information in files on your computer's hard drive. The locations of these files is dependent on your operating system (Windows, Unix/Linux, etc.) and Web browser (Internet Explorer, Firefox, Opera, etc. and version).

Options to access this information are also somewhere in your Web browser. You may need to delve into some of your Web browser's menus to look for this stuff. Please be sure to refer to the help support for your Web browser as necessary.

The next articles will separately cover History, Cache and Cookies. The last article will suggest methods of erasing this information.

Cross Site Scripting (XSS)

Hiyas!

This article is intended to give you, the general user, information about a commonly used technical tool known as "Cross Site Scripting", or XSS. Although logic would tell us that CSS should be the shortened version, XSS is used instead because CSS is used for another type of Web tool called "Cascading Style Sheets". (I hope this is as technical as I need to get...)

First, scripting: Web browsers use scripting to make the Web browsing experience more "rich and full". Lots of cool things can be done with scripting: forms can be checked to make sure that information follows specific rules (personal names don't have numbers, telephone numbers have no letters, etc.); Web pages can display better by detecting your Web browser type; and scripting can also be used to add extra pizazz (bells and whistles) to a Web page.

There are two main categories of Web scripting: server-side scripting, which your Web browser doesn't need to worry about, and client-side scripting, which is used by your Web browser. This article deals with client-side scripting. The most commonly used client-side scripting language is "Javascript". I adore Javascript because it's easy to write something small that does a lot. Other client-side Web scripting technologies include VBScript and ActiveX.

Scripts can be stored in the Web page itself, or (as XSS) it can be stored in another file and then read separately by the Web browser. Sometimes this is done because a Web site wants to keep all the scripting limited to a single resource, like putting all of their brown eggs in one basket, and every other type of egg in another. It helps keep things uncluttered.

XSS itself is not dangerous, but relying on another Web site to maintain the scripts can be disastrous if the script is not written properly. A recent example of a badly-written script involves worm attacks on Twitter over the last weekend. Worms are like viruses, but they're usually based on scripts. See Symantec's take on viruses, worms and trojans for a more detailed view of the differences between these exploits.

Because Twitter did not design their scripts properly, the scripts allowed the Web servers (which store the Web pages) to become vulnerable to attack. Then the Web servers were too busy dealing with the problems, and couldn't feed information to its users. It's a toss-up between safety and functionality. The more uses a scripting language has, the more exposed your Web browser can be to attack. This is an unfortunate fact of computers.

Because the scripts were available through a central site, any pages which used these scripts were vulnerable to attack.

The typical reason that Web scripts are unsafe is that companies or people take shortcuts, and therefore save time, because money (which is time) is more important to companies than safeguards. Alternately, Web programmers are not trained properly, and through lack of knowledge introduce these errors into their code. It's like a wizard who doesn't understand the nature of the spell being cast: if a part of reality is accessed by the spell without proper safeguards in place, the spell can backfire and cause problems. (Not that wizards necessarily exist, but the idea is the same.)

It would help if experts reviewed scripts and then published their findings to expose these nasty exploits. Unfortunately, it takes too long and requires too much effort, and pays little to the reviewer. A company can also change the script whenever they want, and the user won't know until they review the code.

How can you protect yourself from these exploits?

The easiest solution is to disable scripting entirely. This, however, will keep some Web sites from operating properly (or at all). If the Web site knows that it cannot use scripts, sometimes it will tell you, but it still may not work properly.

The solution I prefer is to disable scripting for some sites, and allow it for others. I'm unsure if this is available to other Web browsers, but with Firefox I've been using the NoScript add-on. NoScript disables all scripting, and then allows you to enable them temporarily or permanently on a case-by-case basis. It's fairly easy to use, and I only have it permanently enabled for maybe 6 sites. Everyone else has to earn my trust first!

As it stands, XSS is likely to be around for a while, and so too will Web scripting vulnerabilities. So, as with many other things, it's up to the user to protect themselves and be informed about the dangers of Web browsing.

Web Browsers For Internet-Based Research

Greetings! This blog was designed to host information that can potentially save users like you time and trouble in the future. However, the author, which would be yours truly, wishes to also post travelogues of his adventures through the Internet. Perhaps some information will become available that will assist you in your own future research endeavours.

To wit, productive Internet research needs a well-designed web browser. Not only does the browser have to support the full collection of standards available comprising the almighty Internet, but information must be presented in an orderly fashion to best classify research.

For instance, until tabbed browsing came along, users were forced to open each web page in a separate window. Tabbed browsing allows users to open multiple web pages in one window. A natural progression from here is to use separate windows of tabs for further classification or organization.

For instance, if one were to wish to find out information about carnivorous monkeys, with basic tabbed browsing one would open an initial page to a search engine and type something akin to 'carnivorous monkeys' (with double quotes). The resulting page would have links to carnivorous monkeys. Open each relevant link in separate tab and review them individually for applicable information.

If a link leads you to a treasure trove of further links, the current page or applicable link can be opened in a new window and additional tabs can be opened after within the window. This keeps your session separate from the main results.

However, when tabbed browsing was first introduced, I was dismayed to find that there was no way to categorise related tabs in the same window. This would allow me to conduct extensive research within a single window: topics could be nested to represent different phases or areas of the research session.

Enter: FireFox and the Tree Style Tab add-on. I currently have my list of tabs to the left side of the browser window, listed from top to bottom. When I open a link in a new tab, it will place the tab as a child of the current page. I can then click on the new sub-tab to view the details.

FireFox also supports standards better, from my experience, than other browsers. Secunia.com reports only two unresolved security issues. In contrast, Internet Explorer (any version) is found to be the least secure and least able to support current web standards. Opera (9.63) has no reported security issues, but the standards and Java support are lacking for my liking. I don't trust Chrome because I don't trust Google to keep my information secure, and Google openly wishes to track the web habits of all of its users.

If you have no particular comments regarding this, I would like to know about your favourite Web browser. Which features does your Web browser offer that enriches your Web browsing experience? Do you bother with plugins or add-ons?